79 lines
1.7 KiB
Markdown
79 lines
1.7 KiB
Markdown
== Title ==
|
|
|
|
Lost My Keys
|
|
|
|
== Description ==
|
|
|
|
There's this old server which I haven't accessed in years. It seems that I have forgotten the password...
|
|
I left some important files on that server. Can you help me get access again and recover my files?
|
|
There should still be an ssh server running on port 2222.
|
|
I made a disk image of the computer that I used to have access with a long time ago, maybe you can figure something out?
|
|
IP address of the server:
|
|
|
|
Hint: Don't bother trying to brute-force the password.
|
|
|
|
== Flag ==
|
|
IGCTF{TheyWereInMyJacket!}
|
|
|
|
== Files ==
|
|
Participants should receive the disk.zip file.
|
|
|
|
== Deployment ==
|
|
The docker container providing an ssh server with a flag in it needs to be deployed.
|
|
|
|
== Solution/Writeup ==
|
|
<---- Filler ---->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Unzip the disk.zip file to find the ISO of an ext4 file system.
|
|
Mount the iso using mount:
|
|
|
|
mount disk.iso /mnt
|
|
|
|
Navigate to the only home directory. Its name is joske.
|
|
This will also be the username used to login to the ssh server.
|
|
You should now notice that there is an empty .ssh directory.
|
|
The title "lost my keys" hints at a possibility for using ssh keys.
|
|
|
|
The ssh private key is deleted but not lost. You should be able to recover it using standard recovery tools. An easier way is to simply grep for the string "OPENSSH" on the entire iso and add enough context to read the full key.
|
|
|
|
strings disk.iso | grep -A 50 "OPENSSH" | less
|
|
|
|
The private key should be present in the output, copy it into a file (e.g., called key).
|
|
|
|
Next, simply login to the ssh server using the private key.
|
|
|
|
ssh -p 2222 -i key joske@<IP> (TODO fill in IP)
|
|
|
|
Finally, go to the home directory of joske and read the flag file:
|
|
|
|
cd /home/joske
|
|
cat flag.txt
|